Tag Archives: Privacy Commissioner

Canadian Senate: Boring mumbo jumbo or fascinating privacy discussions? #MRX

Bumped to first class!

Bumped to first class!

On my way to prep for our Senate meeting

On my way to prep for our Senate meeting

Today, I was pleased and, more correctly, honoured to appear before a Senate Committee to speak with Kara Mitchelmore, the CEO of the MRIA, regarding Senate Bill S-4, the Digital Privacy Act. The official opinion will shortly be available but for those of you who can’t wait, here is the basic gist of it. Any inaccuracies here are my own. 1) Breach notifications should be mandatory, and the Privacy Commissioner should be the unbiased third party that determines what is a real risk of significant harm to an individual. 2) The MRIA supports the provisions in the bill which add clarity to what is valid consent. The committee may be interested in our code of conduct which contains a section on the ethical issues in dealing with children and young people. 3) The MRIA is pleased that PIPEDA will be amended to allow the transfer of personal information from an organization to a prospective purchaser or business partner (think mergers and acquisitions). 4) The MRIA does not support allowing organizations to share personal information of individuals to other organizations without consent. It should follow due process such as through a court order.

Senate Committee agenda

Senate Committee agenda

5) The MRIA would like to close a loophole which allowed organizations to share personal information without consent to an investigative body or government institution. It should follow due process such as through a court order. After we spoke, Michael Geist, a law professor at the University of Ottawa, made numerous excellent points (Michael’s website). Some of his comments are included here (any errors or misrepresentations are my own).

Enhanced by Zemanta
Advertisements

Data, Data Everywhere The Need for BIG Privacy in a World of Big Data by Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, Canada #FOCI14 #MRX #GreatTalk

Live blogging from the #FOCI14 conference in Universal City. Any errors or bad jokes are my own.foci14

8:45 KEYNOTE Data, Data Everywhere The Need for BIG Privacy in a World of Big Data 
Ann Cavoukian, Ph.D., Information and Privacy Commissioner of ONTARIO, CANADA

  • big data and privacy are complementary interests
  • privacy by design is a win win proposition
  • if you don’t address privacy concerns, there will be a backlash
  • privacy = personal control, freedom of choice, informational self-determination, context is key
  • www.privacybydesign.ca
  • in 2010, passed this landmark resolution to preserve the future of privacy, has been translated into 36 languages because people are so desperate for this information
  • essence of it is to change the emphasis from a win-lose model to a win-win model, replace ‘vs’ with ‘and’
  • you must address privacy at the beginning of a program, embed it into the code at the beginning
  • 7 principles –
    • be proactive not reactive, prevention not remedial
    • default condition needs to be privacy
    • privacy embedded into design
    • full functionality, positive sum not zero sum
    • end to end security, full lifecycle protection, from the outset, from collection to destruction at the end
    • visibility and transparency, keep it open, tell customers what you’re doing, don’t let them learn afterwar
    • respect for use privacy, keep it user centric
  • Big data will rule the world – honeymoon phase, everything else must step aside, forget causality, correlation is enough
  • Then the honeymoon phase ends – found data… digital exhaust of web searches, credit card payments, mobiles pinging the nearest phone mast; these datasets are cheap to collect but they are messy and collected for disparate purposes
  • Big data is now in the trough of disillusionment
  • Google flu trends used to work and now doesn’t because Google engineers weren’t interested in context but rather selecting statistical patterns in the data – correlation over causation, a common assumption in big data analysis, imputed causality which is incorrect
  • MIT professor Alex Pentland has proposed a New Deal on Data – individuals to own their data and control how it is used and distributed
  • data problems don’t disappear just because you are working with big data instead of small data, you can’t just forget about data sampling
  • Forget big data, what is needed is good data
  • data analytics on context free data will only yield correlations, add context and then you might be able to impute causality
  • once business have amassed the personal information, it can be hard if not impossible for individuals to know how it will be used in the future – “A long way to privacy safeguards” New York Times Editorial
  • privacy is not a religion – if you want to do nothing, you can do nothing. but let people choose to do something
  • people now have to resign when data breaches happen, you must address them at the beginning
  • privacy should be treated as a business issue, not a compliance issue. gain a competitive advantage by claiming privacy, lead with it
  • proactive costs money but reactive costs lawsuits, brand damage, loss of trust, loss of consumer confidence
  • privacy drives innovation and creativity
  • privacy is a sustainable competitive advantage

Other Posts

%d bloggers like this: